Appln. Serial No. 10/791,414 

Amendment Dated November 17, 2009 

Reply to Office Action Mailed August 17, 2009 

REMARKS 

In the Office Action dated August 17, 2009, claims 10-12, 14, 17 and 20-25 were rejected 
under 35 U.S.C. § 103(a) as unpatentable over U.S. Patent No. 7,020,464 (Bahl) in view of U.S. 
Patent No. 6,108,300 (Coile). 

It is respectfully submitted that the obviousness rejection of claim 10 over Bahl and Coile 
is erroneous. 

To make a determination under 35 U.S.C. § 103, several basic factual inquiries must be 
performed, including determining the scope and content of the prior art, and ascertaining the 
differences between the prior art and the claims at issue. Graham v. John Deere Co., 383 U.S. 1, 
17, 148 U.S.P.Q. 459 (1965). Moreover, as held by the U.S. Supreme Court, it is important to 
identify a reason that would have prompted a person of ordinary skill in the art to combine 
reference teachings in the manner that the claimed invention does. KSR International Co. v. 
Teleflex, Inc., 127 S. Ct. 1727, 1741, 82 U.S.P.Q.2d 1385 (2007). 

Claim 10 recites a method for maintaining secure network connections, comprising: 

• duplicating, at a third network element, a security association associated with a secure 
network connection between a first network element and a second network element, 
wherein a lookup of the security association associated with the secure network 
connection is not dependent on any destination address; and 

• in response to detecting failure of the second network element, replacing the second 
network element with the third network element in the secure network connection with 
the first network element, wherein the secure network connection between the first 
network element and the third network element is based on the duplicated security 
association. 

The Office Action cited Bahl as purportedly disclosing duplicating, at a third network 
element, a security association associated with a secure network connection between a first 
network element and a second network element. 

In the rejection, the Office Action identified the mobile host 70 or 120 (Fig. 2 or 3 of 
Bahl) as being the "first network element" of claim 10, and identified the correspondent host 72 
or 122 (Fig. 2 or 3 of Bahl) as being the "second network element" of claim 10. Moreover, the 
Office Action pointed to the "new mobile address" mentioned in the abstract of Bahl as being the 
"third network element" of claim 10. The abstract of Bahl refers to a mobile host changing to a 
new address. The abstract of Bahl states that the system and method described in Bahl provides 
mobility support to handle address changes of the mobile host to provide transparent session 
continuity when the mobile host changes to a new address. 

However, as recognized by the Office Action, a "new address" cannot be the "third 
network element" of claim 10, where the third network element can replace the second network 
element in the secure network connection with the first network element, as recited in claim 10. 

As purportedly disclosing claimed subject matter conceded to be missing from Bahl, the 
Office Action cited Coile, and specifically a backup network device 120 shown in Figure 1 of 
Coile. 

Coile refers to transferring a network function from a primary network device to a backup 
network device when it is detected that the primary network device has failed. However, this has 
nothing to do with the subject matter of claim 10, which refers to replacing the second network 
element with a third network element in the secured network connection with the first network 
element, where the secure network connection between the first network element and the third 
network element is based on the duplicated security association. Nowhere in Coile is there any 
hint provided of replacing one network element with another network element in a secure 
network connection and then maintaining the secure network connection based on a duplicated 
security association. 

In view of the foregoing, even if Bahl and Coile could be hypothetically combined, the 
hypothetical combination of references would not have led to the claimed subject matter. 

Moreover, no reason existed that would have prompted a person of ordinary skill in the 
art to combine the teachings of Bahl and Coile. 

Bahl refers to a change of address of a mobile host as the mobile host moves around. 
Bahl describes how a secure connection can be maintained between the mobile host and a 
correspondent host even though the address of the mobile host has changed. This teaching of 
Bahl has nothing to do with the subject matter of claim 10, which relates to detecting failure of a 
second network element (to which the first network element has established a secure network 
connection that is associated with a security association) and replacing the second network 
element that has failed with a third network element in the secure network connection with the 
first network element. Maintaining a secure connection in response to a change of address of a 
mobile host, as taught by Bahl, has nothing to do with detecting failure of the second network 
element and replacing the second network element with a third network element in the secure 
network connection with the first network element, as recited in claim 10. Moreover, Coile 
provides absolutely no hint whatsoever that its failover mechanism would maintain a secure 
network connection that is based on a duplicated security association. In view of the foregoing, 
it is clear that a person of ordinary skill in the art would have found no reason to combine the 
teachings of Bahl and Coile to achieve the claimed invention. 

Therefore, it is respectfully submitted that the obviousness rejection of claim 10 is in 
error. Independent claim 22 is similarly allowable over Bahl and Coile. 

Independent claim 12 recites a method for maintaining secure network connections, 
comprising: 

• configuring a plurality of security gateways such that a lookup of security 
associations is not dependent on any destination address; and 

• sharing a security association among the plurality of security gateways. 

Claim 12 recites sharing a security association among a plurality of security gateways. 
The Office Action cited security associations 84 and 86 and the IPsec/ISAKMP security 
associations of Bahl as being shared among a plurality of security gateways (which the Office 
Action equated to correspondent hosts (or servers 112a and 112b disclosed in Coile)). The 
security association 84 of Bahl resides in the correspondent host 72, while the security 
association 86 resides in the mobile host 70. Similarly, the ISAKMP security association 142 in 
Fig. 3 of Bahl resides in the mobile host 120, while the ISAKMP security association 146 resides 
in the correspondent host 122. In each of Fig. 2 and 3 of Bahl, a secure connection associated 
with a particular security association is maintained between a mobile host and a correspondent 
host. There is absolutely nothing in Bahl that would even remotely hint at sharing a security 
association at multiple security gateways. In other words, different security associations in a 
correspondent host in Bahl would correspond to different secure connections with different 
mobile hosts. Therefore, there would be no sharing of a security association among a plurality of 
security gateways. 

Coile also makes absolutely no mention of sharing a security association among a 
plurality of security gateways. 

Therefore, even if Bahl and Coile could be hypothetically combined, the hypothetical 
combination of the references would not have led to the claimed subject matter. Moreover, a 
person of ordinary skill in the art would not have been prompted to combine the teachings of 
Bahl and Coile to achieve the subject matter of claim 12, since the concept of sharing a security 
association among a plurality of security gateways does not exist in Bahl or Coile. 
The obviousness rejection of claim 12 is therefore also defective. 

Dependent claims are allowable for at least the same reasons as corresponding 
independent claims. 

Allowance of all claims is respectfully requested. The Commissioner is authorized to 
charge any additional fees and/or credit any overpayment to Deposit Account No. 14-1315 
(NRT.0124US). 

Respectfully submitted. 